CVE-2012-1175

2012-08-26 22:55:00 2012-08-27 06:00:00

Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Gnu Gnash 0.8.10 (not an official CPE)

Gnu - Gnash

Advisory	Patch	Confirmed	Link
			https://bugzilla.redhat.com/show_bug.cgi?id=803443
			52446
			[oss-security] 20120314 Re: CVE request: gnash integer o...
			[oss-security] 20120314 CVE request: gnash integer overf...
			DSA-2435
			48466
			47183
			http://git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb...

CVE-2012-1175

2012-08-26 22:55:00 2012-08-27 06:00:00

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)